Cyber Incident Victim: Dreamwall

On May 22, 2024, around 22:00, a cyberattack disrupted operations at Dreamwall's virtual studio facilities in Marcinelle, Belgium. The ransomware attack, attributed to the Akira group, rendered all systems inoperable by combining data exfiltration with encryption of critical infrastructure. Attackers first stole sensitive information before deploying malware to lock down Dreamwall's production systems, demanding payment for data restoration and system access. By the following midday on May 23, the technical disruption became publicly evident when RTBF television viewers observed weather presenter Caroline Dossogne broadcasting from the backup Centre Perex facility in Daussoulx instead of Dreamwall's primary virtual studio. RTBF initially described the issue as a technical problem, though internal assessments indicated a severe cybersecurity incident.

The attack paralyzed all weather bulletin production from Dreamwall's Marcinelle studios, affecting multiple media organizations beyond RTBF. Médias de proximité's weather services experienced outages, while regional broadcaster Télésambre in Charleroi completely omitted weather segments during their May 23 evening programming. International network TV5MONDE substituted its scheduled weather content with unexplained filler programming at approximately 18:25 that same day. No restoration timeline or containment measures were disclosed in available reports. The incident demonstrated cross-organizational impact through Dreamwall's critical role in weather production workflows, with disruptions persisting through at least the evening of May 23 across affected broadcast partners.